General
Target: 02613b399df5fe771a4b6f9601a74161d20ebac3cf5c3d8320c6c1ba7feae048
Size: 309KB
Sample: 220620-ehw68sgah2
MD5: 726f106fcfa599aba62ddfdcb70c6ebb
SHA1: 413e3154f0f828c5c9c7a29fe0f277e5011ca2bb
SHA256: 02613b399df5fe771a4b6f9601a74161d20ebac3cf5c3d8320c6c1ba7feae048
SHA512: 9736d1ac6b4d54afa54e9fc9a61c6b2e1d2804d0f0518ddbc71a1f4f668dba29604e26a75ff87b524b5618fee572dc78a265e2427c802b560ce412877bc12f58
Static task: static1
Malware Config
Extracted family: tofsee
Domains from the extracted configuration: svartalfheim.top, jotunheim.name
Targets
Target: 02613b399df5fe771a4b6f9601a74161d20ebac3cf5c3d8320c6c1ba7feae048 (309KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
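The report above yields two kinds of indicators: the four file hashes and the two domains from the extracted Tofsee configuration. The following script, added here as an example and not part of the sandbox report, turns them into a small checker: it hashes a file with all four algorithms so a hit is found whatever hash a threat feed carries, and it matches DNS query logs against the domains with a suffix-aware comparison so `www.jotunheim.name` is caught while `notjotunheim.name` is not. The log lines and the file contents in the block are constructed for the demonstration (the constructed bytes are not the sample and will not match its hashes); the dnsmasq-style log format is an assumption.

```python
import hashlib
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Hashes and domains copied from the report above.
TOFSEE_HASHES: Dict[str, str] = {
    "md5": "726f106fcfa599aba62ddfdcb70c6ebb",
    "sha1": "413e3154f0f828c5c9c7a29fe0f277e5011ca2bb",
    "sha256": "02613b399df5fe771a4b6f9601a74161d20ebac3cf5c3d8320c6c1ba7feae048",
    "sha512": "9736d1ac6b4d54afa54e9fc9a61c6b2e1d2804d0f0518ddbc71a1f4f668dba29"
              "604e26a75ff87b524b5618fee572dc78a265e2427c802b560ce412877bc12f58",
}
TOFSEE_DOMAINS = {"svartalfheim.top", "jotunheim.name"}


def file_digests(data: bytes) -> Dict[str, str]:
    """Compute every digest type the report lists, so any one of them can be compared."""
    return {name: hashlib.new(name, data).hexdigest() for name in TOFSEE_HASHES}


def match_hashes(data: bytes, iocs: Dict[str, str] = TOFSEE_HASHES) -> List[str]:
    """Return the names of the digests of `data` that equal the indicator values."""
    digests = file_digests(data)
    return [name for name, value in digests.items() if value == iocs.get(name)]


def domain_matches(hostname: str, iocs: Iterable[str] = TOFSEE_DOMAINS) -> Optional[str]:
    """Return the indicator domain that `hostname` equals or is a subdomain of.

    The '.' prefix in the suffix check prevents 'notjotunheim.name' from
    matching 'jotunheim.name'.
    """
    host = hostname.lower().rstrip(".")
    for domain in iocs:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


# Assumed dnsmasq-style query line: "query[A] <qname> from <client>".
DNS_QUERY_RE = re.compile(r"query\[[A-Z]+\] (?P<qname>\S+) from (?P<src>\S+)")


def scan_dns_log(lines: Iterable[str], iocs: Iterable[str] = TOFSEE_DOMAINS) -> List[Tuple[str, str, str]]:
    """Return (client, queried name, matched indicator) for every log line that hits."""
    hits = []
    for line in lines:
        m = DNS_QUERY_RE.search(line)
        if not m:
            continue
        matched = domain_matches(m.group("qname"), iocs)
        if matched:
            hits.append((m.group("src"), m.group("qname"), matched))
    return hits


# Constructed log lines for the demonstration; not taken from any real capture.
SAMPLE_DNS_LOG = [
    "Jun 20 09:14:02 gw dnsmasq[812]: query[A] svartalfheim.top from 10.0.0.23",
    "Jun 20 09:14:02 gw dnsmasq[812]: query[A] www.jotunheim.name from 10.0.0.23",
    "Jun 20 09:14:03 gw dnsmasq[812]: query[A] notjotunheim.name from 10.0.0.24",
    "Jun 20 09:14:05 gw dnsmasq[812]: query[AAAA] example.org from 10.0.0.25",
    "Jun 20 09:14:06 gw dnsmasq[812]: reply example.org is 93.184.216.34",
]

if __name__ == "__main__":
    # Constructed bytes, not the sample: no digest will match the report.
    print("hash hits:", match_hashes(b"placeholder file contents"))
    for src, qname, ioc in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{src} queried {qname} (matches {ioc})")
```

Hashing with all four algorithms at once costs little and avoids the common failure where a feed supplies only an MD5 while the local inventory stores SHA256. For the domain side, run `scan_dns_log` over resolver or proxy logs from the window in which the sample could have executed; the suffix check matters because Tofsee-style configurations are matched on the registered domain, and hosts under it should be treated as the same indicator.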